Enable Two-Factor authentication, and allow a trusted phone number to be capable of resetting a forgotten password
Enable stricter login to accounts that do not have a stored password. Have the option to reset a password, given that a trusted, secured phone number is provided, along with another potential criterion required to be met to recover a lost account password.
Shouldn't use a computer phone to access your email. Computer phones are 'the most insecure devices on the planet' according to a computer science major. In fact, it is safer not to use a computer phone at all. A cell phone should just be a phone. I don't need it to wash the dishes and take out the trash, thank you.
Supporting password resetting implies that the Tutanota company will need to have access to your password on the server side so that they can decrypt your mailbox and re-encrypt it with the new private key (or decrypt and re-encrypt your private key itself).
As a user, I'd rather have the inconvenience of not having the feature than compromise my privacy: that's the whole selling point of Tutanota anyway. You (Tutanota) don't have my password, and I'd like for it to be kept that way.
You need to know that 2FA using SMS by cellphone is no longer considered highly secure since the known methods of taking over cellphones have not been patched and this info is in the wild. Therefore, password reset is too risky.